| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <01054a96-22d1-b72e-1166-fcbd5c2f489b@linux.intel.com>
Date: Mon, 28 Feb 2022 13:34:45 +0200
From: Mathias Nyman <mathias.nyman@...ux.intel.com>
To: Anssi Hannula <anssi.hannula@...wise.fi>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2 v2] xhci: fix garbage USBSTS being logged in some
cases
On 25.2.2022 12.26, Anssi Hannula wrote:
> xhci_decode_usbsts() is expected to return a zero-terminated string by
> its only caller, xhci_stop_endpoint_command_watchdog(), which directly
> logs the return value:
>
> xhci_warn(xhci, "USBSTS:%s\n", xhci_decode_usbsts(str, usbsts));
>
> However, if no recognized bits are set in usbsts, the function will
> return without having called any sprintf() and therefore return an
> untouched non-zero-terminated caller-provided buffer, causing garbage
> to be output to log.
>
> Fix that by always including the raw value in the output.
>
> Note that before 4843b4b5ec64 ("xhci: fix even more unsafe memory usage
> in xhci tracing") the result effect in the failure case was different as
> a static buffer was used here, but the code still worked incorrectly.
>
> Fixes: 9c1aa36efdae ("xhci: Show host status when watchdog triggers and host is assumed dead.")
> Signed-off-by: Anssi Hannula <anssi.hannula@...wise.fi>
> ---
Thanks. Adding both 1/2 v2 and 2/2
-Mathias
Powered by blists - more mailing lists